Search CVE reports

Toggle filters

1 – 10 of 87 results

CVE-2025-61725

Medium priority
Needs evaluation

The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release
golang-1.6 Not in release Not in release
golang-1.8 Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation
golang-1.24 Not in release Not in release
golang-1.25 Not in release Not in release
Show all 16 packages Show less packages

CVE-2025-61724

Medium priority
Needs evaluation

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release
golang-1.6 Not in release Not in release
golang-1.8 Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation
golang-1.24 Not in release Not in release
golang-1.25 Not in release Not in release
Show all 16 packages Show less packages

CVE-2025-61723

Medium priority
Needs evaluation

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release
golang-1.6 Not in release Not in release
golang-1.8 Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation
golang-1.24 Not in release Not in release
golang-1.25 Not in release Not in release
Show all 16 packages Show less packages

CVE-2025-58189

Medium priority
Needs evaluation

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release
golang-1.6 Not in release Not in release
golang-1.8 Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation
golang-1.24 Not in release Not in release
golang-1.25 Not in release Not in release
Show all 16 packages Show less packages

CVE-2025-58188

Medium priority
Needs evaluation

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release
golang-1.6 Not in release Not in release
golang-1.8 Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation
golang-1.24 Not in release Not in release
golang-1.25 Not in release Not in release
Show all 16 packages Show less packages

CVE-2025-58187

Medium priority
Needs evaluation

Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release
golang-1.6 Not in release Not in release
golang-1.8 Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation
golang-1.24 Not in release Not in release
golang-1.25 Not in release Not in release
Show all 16 packages Show less packages

CVE-2025-58186

Medium priority
Needs evaluation

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release
golang-1.6 Not in release Not in release
golang-1.8 Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation
golang-1.24 Not in release Not in release
golang-1.25 Not in release Not in release
Show all 16 packages Show less packages

CVE-2025-58185

Medium priority
Needs evaluation

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release
golang-1.6 Not in release Not in release
golang-1.8 Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation
golang-1.24 Not in release Not in release
golang-1.25 Not in release Not in release
Show all 16 packages Show less packages

CVE-2025-58183

Medium priority
Needs evaluation

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release
golang-1.6 Not in release Not in release
golang-1.8 Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation
golang-1.24 Not in release Not in release
golang-1.25 Not in release Not in release
Show all 16 packages Show less packages

CVE-2025-47912

Medium priority
Needs evaluation

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release
golang-1.6 Not in release Not in release
golang-1.8 Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Needs evaluation Needs evaluation Needs evaluation
golang-1.22 Needs evaluation Needs evaluation Needs evaluation
golang-1.23 Needs evaluation Needs evaluation
golang-1.24 Not in release Not in release
golang-1.25 Not in release Not in release
Show all 16 packages Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON